Securing Users and Processes in Oracle® Solaris 11.2


Updated: July 2014
 
 

Applications That Check for Rights

Applications and commands that can override system controls are considered privileged applications. Security attributes such as UID=0, privileges, and authorizations make an application privileged.

Applications That Check UIDs and GIDs

Privileged applications that check for root (UID=0) or some other special UID or GID have long existed in the UNIX environment. The rights profile mechanism enables you to isolate commands that require a specific ID. Instead of changing the ID on a command that anyone can access, you can place the command with an assigned UID in a rights profile. A user or role with that rights profile can then run the program as that UID without having to become superuser.

IDs can be specified as real or effective. Assigning effective IDs is preferred over assigning real IDs. Effective IDs are equivalent to the setuid feature in the file permission bits. Effective IDs also identify the UID for auditing. However, because some shell scripts and programs require a real UID of root, real UIDs can be set as well. For example, the reboot command requires a real rather than an effective UID.


Tip - If an effective ID is not sufficient to run a command, assign the real ID to the command.

Applications That Check for Privileges

Privileged applications can check for the use of privileges. The rights profile mechanism enables you to specify the privileges for specific commands that require security attributes. Then, you can isolate the command with assigned security attributes in a rights profile. A user or role with that rights profile can then run the command with just the privileges that the command requires.

Commands that check for privileges include the following:

  • Kerberos commands, such as kadmin, kprop, and kdb5_util

  • Network commands, such as ipadm, routeadm, and snoop

  • File and file system commands, such as chmod, chgrp, and mount

  • Commands that control processes, such as kill, pcred, and rcapadm

To add commands with privileges to a rights profile, see How to Create a Rights Profile and the profiles(1) man page. To determine which commands check for privileges in a particular profile, see Chapter 6, Listing Rights in Oracle Solaris.
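The following example is added here and is not part of the Oracle documentation. It reviews rights-profile command entries and reports whether each command is assigned a real ID, an effective ID, or privileges only, so that real-ID assignments can be checked against the preference for effective IDs. It assumes the exec_attr(4) field layout name:policy:type:res1:res2:id:attr; the profile names and sample entries are constructed.

```python
# Added example: classify rights-profile command entries by how they gain rights.
# Assumption: entries use the exec_attr(4) layout name:policy:type:res1:res2:id:attr.

# Constructed sample entries (hypothetical profiles, not copied from a live system).
SAMPLE = """\
# name:policy:type:res1:res2:id:attr
Site Reboot:solaris:cmd:::/usr/sbin/reboot:uid=0
Site Printing:solaris:cmd:::/usr/sbin/lpadmin:euid=0
Site Network:solaris:cmd:::/usr/sbin/snoop:privs=net_observability
Site Files:solaris:cmd:::/usr/bin/chmod:privs=file_owner
Site Broken:solaris:cmd
"""


def parse_exec_attr(text):
    """Yield (profile, command, attrs) for each well-formed cmd entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7 or fields[2] != "cmd":
            continue  # skip malformed or non-command entries
        attrs = {}
        for pair in fields[6].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        yield fields[0], fields[5], attrs


def classify(attrs):
    """Real IDs are the broadest grant, so report them first."""
    if "uid" in attrs or "gid" in attrs:
        return "real-id"
    if "euid" in attrs or "egid" in attrs:
        return "effective-id"
    if "privs" in attrs:
        return "privileges-only"
    return "no-attributes"


def audit(text):
    """Map each command path to its classification."""
    return {cmd: classify(attrs) for _, cmd, attrs in parse_exec_attr(text)}


if __name__ == "__main__":
    for cmd, kind in sorted(audit(SAMPLE).items()):
        print(f"{kind:16} {cmd}")
```

Entries reported as real-id are the ones to review: keep the real ID only where the command, like reboot, does not run with an effective ID alone.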

Applications That Check Authorizations

Some Oracle Solaris commands check authorizations, including the following:

  • Audit administration commands, such as auditconfig and auditreduce

  • Printer administration commands, such as cupsenable and lpadmin

  • Batch job commands, such as at, atq, batch, and crontab

  • Device-oriented commands, such as allocate, deallocate, list_devices, and cdrw

For guidance about checking a script or program for authorizations, see Example 4–3. To write a program that requires authorizations, see About Authorizations in Developer’s Guide to Oracle Solaris 11 Security.